Improve Kubernetes Namespace Handling

Before this commit it wasn't possible to create applications with names like MY-APP on a Kubernetes cluster because the application name has been used as namespace identifier but the name could contains characters that weren't allowed in RFC1123. Futher, this commit adds an additional configuration option to add optional annotations to namespaces. For example, with "field.cattle.io/projectId" it is possible to link dynamically created namespaces to Rancher projects. Also, the number of API calls to the Kubernetes backend has been reduced by just deleting the namespace of the application rather then deleting all objects in the namespace first. Additionally, this commit updates a set of library dependencies.
aixigo · Dec 12, 2023 · 5e7a24f · 5e7a24f
1 parent ff3fffa
commit 5e7a24f
Show file tree

Hide file tree

Showing 17 changed files with 1,660 additions and 1,104 deletions.
diff --git a/api-tests/Cargo.lock b/api-tests/Cargo.lock
diff --git a/api/Cargo.lock b/api/Cargo.lock
diff --git a/api/Cargo.toml b/api/Cargo.toml
@@ -23,7 +23,7 @@ evmap = "10.0"
 failure = "0.1"
 figment = { version = "0.10", features = ["env", "toml"] }
 futures = { version = "0.3", features = ["compat"] }
-handlebars = "2"
+handlebars = "4.5"
 http-api-problem = "0.57"
 jira_query = "1.3"
 k8s-openapi = { version = "0.18", default-features = false, features = ["v1_24"] }
@@ -35,7 +35,7 @@ pest = "2.6"
 pest_derive = "2.6"
 regex = "1.9"
 reqwest = { version = "0.11", features = ["json"] }
-rocket = { version = "0.5.0-rc.3", features = ["json"] }
+rocket = { version = "0.5.0", features = ["json"] }
 schemars = "0.8"
 secstr = { version = "0.5", features = ["serde"] }
 serde = "1.0"

diff --git a/api/README.md b/api/README.md
@@ -12,6 +12,12 @@ In order to configure PREvant create a [TOML](https://github.com/toml-lang/toml)
 [runtime]
 type = 'Kubernetes'
 
+# This map of annotations allow to add additionall annotations to Kubernetes namespaces that will be created
+# through PREVant. In this example, the annotations will be used to connect the namespaces to a Rancher project.
+# Futher information is provided here: https://stackoverflow.com/a/74405246/5088458
+[runtime.annotations.namespace]
+'field.cattle.io/projectId' = 'rancher-project-id'
+
 [runtime.downwardApi]
 # Path to the file that contains the labels that have been assigned to the PREvant deployemnt itself.
 # This information is crucial if you run PREvant behind a Traefik instance that enforces the user ot be

diff --git a/api/src/apps/host_meta_cache.rs b/api/src/apps/host_meta_cache.rs
@@ -26,8 +26,7 @@
 
 use crate::apps::{Apps, AppsError};
 use crate::models::service::{Service, ServiceBuilder, ServiceStatus};
-use crate::models::RequestInfo;
-use crate::models::WebHostMeta;
+use crate::models::{AppName, RequestInfo, WebHostMeta};
 use chrono::{DateTime, Utc};
 use evmap::{ReadHandleFactory, WriteHandle};
 use multimap::MultiMap;
@@ -48,7 +47,7 @@ pub struct HostMetaCrawler {
 
 #[derive(Clone, Debug, Eq, Hash, PartialEq)]
 struct Key {
-    app_name: String,
+    app_name: AppName,
     service_id: String,
 }
 
@@ -72,17 +71,17 @@ pub fn new() -> (HostMetaCache, HostMetaCrawler) {
 impl HostMetaCache {
     pub fn update_meta_data(
         &self,
-        services: MultiMap<String, Service>,
+        services: MultiMap<AppName, Service>,
         request_info: &RequestInfo,
-    ) -> MultiMap<String, Service> {
+    ) -> MultiMap<AppName, Service> {
         let mut assigned_apps = MultiMap::new();
 
         let reader = self.reader_factory.handle();
 
         for (app_name, service) in services.iter_all() {
             for service in service.iter().cloned() {
                 let key = Key {
-                    app_name: app_name.to_string(),
+                    app_name: app_name.clone(),
                     service_id: service.id().to_string(),
                 };
 
@@ -136,7 +135,7 @@ impl HostMetaCrawler {
                     // avoid cloning when https://github.com/havarnov/multimap/issues/24 has been implemented
                     .map(move |service| {
                         let key = Key {
-                            app_name: app_name.to_string(),
+                            app_name: app_name.clone(),
                             service_id: service.id().to_string(),
                         };
                         (key, service.clone())
@@ -178,7 +177,7 @@ impl HostMetaCrawler {
         Ok(())
     }
 
-    fn clear_stale_web_host_meta(&mut self, apps: &MultiMap<String, Service>) {
+    fn clear_stale_web_host_meta(&mut self, apps: &MultiMap<AppName, Service>) {
         let copy: HashMap<Key, Vec<_>> = self
             .writer
             .map_into(|k, vs| (k.clone(), vs.iter().cloned().collect()));
@@ -311,7 +310,7 @@ impl HostMetaCrawler {
         (key, service, meta)
     }
     #[cfg(test)]
-    pub fn fake_empty_host_meta_info(&mut self, app_name: String, service_id: String) {
+    pub fn fake_empty_host_meta_info(&mut self, app_name: AppName, service_id: String) {
         let web_host_meta = WebHostMeta::empty();
         let value = Arc::new(Value {
             timestamp: chrono::Utc::now(),
@@ -320,8 +319,8 @@ impl HostMetaCrawler {
 
         self.writer.insert(
             Key {
-                app_name: app_name.clone(),
-                service_id: service_id.clone(),
+                app_name,
+                service_id,
             },
             value,
         );